VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Volume
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-09 12:25:52 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-14 23:09:11 (GMT)
commite90e24b30b379752bf6531c663085de1d2a653d7 (patch)
tree6ff3a18a2e9dedb9e506d67f2c560e1c8f657e47 /src/Volume
parent0b2c8b09c6eb3ddce22fa88c34a640881f8f2177 (diff)
downloadVeraCrypt-e90e24b30b379752bf6531c663085de1d2a653d7.zip
VeraCrypt-e90e24b30b379752bf6531c663085de1d2a653d7.tar.gz
Windows: Add support for Streebog (hash) and kuznyechik (encryption)
Diffstat (limited to 'src/Volume')
-rw-r--r--src/Volume/Cipher.cpp44
-rw-r--r--src/Volume/Cipher.h2
-rw-r--r--src/Volume/EncryptionAlgorithm.cpp19
-rw-r--r--src/Volume/EncryptionAlgorithm.h2
-rw-r--r--src/Volume/EncryptionTest.cpp12
-rw-r--r--src/Volume/Hash.cpp25
-rw-r--r--src/Volume/Hash.h23
-rw-r--r--src/Volume/Pkcs5Kdf.cpp13
-rw-r--r--src/Volume/Pkcs5Kdf.h34
-rw-r--r--src/Volume/Volume.make3
-rw-r--r--src/Volume/VolumeLayout.cpp12
11 files changed, 188 insertions, 1 deletions
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index a90b3c4..6944908 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -16,6 +16,8 @@
#include "Crypto/Serpent.h"
#include "Crypto/Twofish.h"
#include "Crypto/Camellia.h"
+#include "Crypto/GostCipher.h"
+#include "Crypto/kuznyechik.h"
#ifdef TC_AES_HW_CPU
# include "Crypto/Aes_hw_cpu.h"
@@ -80,6 +82,8 @@ namespace VeraCrypt
l.push_back (shared_ptr <Cipher> (new CipherSerpent ()));
l.push_back (shared_ptr <Cipher> (new CipherTwofish ()));
l.push_back (shared_ptr <Cipher> (new CipherCamellia ()));
+ l.push_back (shared_ptr <Cipher> (new CipherGost89 ()));
+ l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ()));
return l;
}
@@ -264,6 +268,46 @@ namespace VeraCrypt
camellia_set_key (key, ScheduledKey.Ptr());
}
+ // GOST89
+ void CipherGost89::Decrypt (byte *data) const
+ {
+ gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
+ }
+
+ void CipherGost89::Encrypt (byte *data) const
+ {
+ gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
+ }
+
+ size_t CipherGost89::GetScheduledKeySize () const
+ {
+ return GOST_KS;
+ }
+
+ void CipherGost89::SetCipherKey (const byte *key)
+ {
+ gost_set_key (key, (gost_kds *) ScheduledKey.Ptr());
+ }
+ // Kuznyechik
+ void CipherKuznyechik::Decrypt (byte *data) const
+ {
+ kuznyechik_decrypt_block (data, data, (kuznyechik_kds *) ScheduledKey.Ptr());
+ }
+
+ void CipherKuznyechik::Encrypt (byte *data) const
+ {
+ kuznyechik_encrypt_block (data, data, (kuznyechik_kds *) ScheduledKey.Ptr());
+ }
+
+ size_t CipherKuznyechik::GetScheduledKeySize () const
+ {
+ return KUZNYECHIK_KS;
+ }
+
+ void CipherKuznyechik::SetCipherKey (const byte *key)
+ {
+ kuznyechik_set_key (key, (kuznyechik_kds *) ScheduledKey.Ptr());
+ }
bool Cipher::HwSupportEnabled = true;
}
diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h
index 522142b..28e0bd7 100644
--- a/src/Volume/Cipher.h
+++ b/src/Volume/Cipher.h
@@ -107,6 +107,8 @@ namespace VeraCrypt
TC_CIPHER (Serpent, 16, 32);
TC_CIPHER (Twofish, 16, 32);
TC_CIPHER (Camellia, 16, 32);
+ TC_CIPHER (Gost89, 16, 32);
+ TC_CIPHER (Kuznyechik, 16, 32);
#undef TC_CIPHER
diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp
index 589db9b..119b553 100644
--- a/src/Volume/EncryptionAlgorithm.cpp
+++ b/src/Volume/EncryptionAlgorithm.cpp
@@ -65,6 +65,8 @@ namespace VeraCrypt
l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
+ l.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
+ l.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
@@ -293,4 +295,21 @@ namespace VeraCrypt
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
+
+
+ // GOST89
+ GOST89::GOST89 ()
+ {
+ Ciphers.push_back (shared_ptr <Cipher> (new CipherGost89()));
+
+ SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ }
+
+ // Kuznyechik
+ Kuznyechik::Kuznyechik ()
+ {
+ Ciphers.push_back (shared_ptr <Cipher> (new CipherKuznyechik()));
+
+ SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ }
}
diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h
index 8ebbea2..ff1b128 100644
--- a/src/Volume/EncryptionAlgorithm.h
+++ b/src/Volume/EncryptionAlgorithm.h
@@ -86,6 +86,8 @@ namespace VeraCrypt
TC_ENCRYPTION_ALGORITHM (TwofishSerpent);
TC_ENCRYPTION_ALGORITHM (SerpentTwofishAES);
TC_ENCRYPTION_ALGORITHM (Camellia);
+ TC_ENCRYPTION_ALGORITHM (GOST89);
+ TC_ENCRYPTION_ALGORITHM (Kuznyechik);
#undef TC_ENCRYPTION_ALGORITHM
}
diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp
index f874de8..eed8bd1 100644
--- a/src/Volume/EncryptionTest.cpp
+++ b/src/Volume/EncryptionTest.cpp
@@ -847,7 +847,7 @@ namespace VeraCrypt
nTestsPerformed++;
}
- if (nTestsPerformed != 90)
+ if (nTestsPerformed != 100)
throw TestFailed (SRC_POS);
}
@@ -872,5 +872,15 @@ namespace VeraCrypt
pkcs5HmacWhirlpool.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x50\x7c\x36\x6f", 4) != 0)
throw TestFailed (SRC_POS);
+
+ Pkcs5HmacSha256 pkcs5HmacSha256;
+ pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5);
+ if (memcmp (derivedKey.Ptr(), "\xf2\xa0\x4f\xb2", 4) != 0)
+ throw TestFailed (SRC_POS);
+
+ Pkcs5HmacStreebog pkcs5HmacStreebog;
+ pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5);
+ if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0)
+ throw TestFailed (SRC_POS);
}
}
diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp
index 225176a..ea3517e 100644
--- a/src/Volume/Hash.cpp
+++ b/src/Volume/Hash.cpp
@@ -15,6 +15,7 @@
#include "Crypto/Rmd160.h"
#include "Crypto/Sha2.h"
#include "Crypto/Whirlpool.h"
+#include "Crypto/Streebog.h"
namespace VeraCrypt
{
@@ -138,4 +139,28 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data));
WHIRLPOOL_add (data.Get(), (int) data.Size(), (WHIRLPOOL_CTX *) Context.Ptr());
}
+
+ // Streebog
+ Streebog::Streebog ()
+ {
+ Context.Allocate (sizeof (STREEBOG_CTX));
+ Init();
+ }
+
+ void Streebog::GetDigest (const BufferPtr &buffer)
+ {
+ if_debug (ValidateDigestParameters (buffer));
+ STREEBOG_finalize ((STREEBOG_CTX *) Context.Ptr(), buffer);
+ }
+
+ void Streebog::Init ()
+ {
+ STREEBOG_init ((STREEBOG_CTX *) Context.Ptr());
+ }
+
+ void Streebog::ProcessData (const ConstBufferPtr &data)
+ {
+ if_debug (ValidateDataParameters (data));
+ STREEBOG_add (data.Get(), (int) data.Size(), (STREEBOG_CTX *) Context.Ptr());
+ }
}
diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h
index 139924c..9cef9de 100644
--- a/src/Volume/Hash.h
+++ b/src/Volume/Hash.h
@@ -139,6 +139,29 @@ namespace VeraCrypt
Whirlpool (const Whirlpool &);
Whirlpool &operator= (const Whirlpool &);
};
+
+ // Streebog
+ class Streebog : public Hash
+ {
+ public:
+ Streebog ();
+ virtual ~Streebog () { }
+
+ virtual void GetDigest (const BufferPtr &buffer);
+ virtual size_t GetBlockSize () const { return 64; }
+ virtual size_t GetDigestSize () const { return 512 / 8; }
+ virtual wstring GetName () const { return L"Streebog"; }
+ virtual wstring GetAltName () const { return L"Streebog"; }
+ virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Streebog); }
+ virtual void Init ();
+ virtual void ProcessData (const ConstBufferPtr &data);
+
+ protected:
+
+ private:
+ Streebog (const Streebog &);
+ Streebog &operator= (const Streebog &);
+ };
}
#endif // TC_HEADER_Encryption_Hash
diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp
index d56fe02..1e229d1 100644
--- a/src/Volume/Pkcs5Kdf.cpp
+++ b/src/Volume/Pkcs5Kdf.cpp
@@ -66,6 +66,7 @@ namespace VeraCrypt
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 (false)));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
}
return l;
@@ -112,4 +113,16 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount);
derive_key_whirlpool ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
+
+ void Pkcs5HmacStreebog::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
+ {
+ ValidateParameters (key, password, salt, iterationCount);
+ derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
+ }
+
+ void Pkcs5HmacStreebog_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
+ {
+ ValidateParameters (key, password, salt, iterationCount);
+ derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
+ }
}
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
index d92a330..c10efaf 100644
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -152,6 +152,40 @@ namespace VeraCrypt
Pkcs5HmacWhirlpool (const Pkcs5HmacWhirlpool &);
Pkcs5HmacWhirlpool &operator= (const Pkcs5HmacWhirlpool &);
};
+
+ class Pkcs5HmacStreebog : public Pkcs5Kdf
+ {
+ public:
+ Pkcs5HmacStreebog () : Pkcs5Kdf(false) { }
+ virtual ~Pkcs5HmacStreebog () { }
+
+ virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
+ virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Streebog); }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
+ virtual wstring GetName () const { return L"HMAC-Streebog"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacStreebog(m_truecryptMode); }
+
+ private:
+ Pkcs5HmacStreebog (const Pkcs5HmacStreebog &);
+ Pkcs5HmacStreebog &operator= (const Pkcs5HmacStreebog &);
+ };
+
+ class Pkcs5HmacStreebog_Boot : public Pkcs5Kdf
+ {
+ public:
+ Pkcs5HmacStreebog_Boot () : Pkcs5Kdf(false) { }
+ virtual ~Pkcs5HmacStreebog_Boot () { }
+
+ virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
+ virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Streebog); }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : pim * 2048; }
+ virtual wstring GetName () const { return L"HMAC-Streebog"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacStreebog_Boot(m_truecryptMode); }
+
+ private:
+ Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &);
+ Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &);
+ };
}
#endif // TC_HEADER_Encryption_Pkcs5
diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make
index 2888db7..855e5f6 100644
--- a/src/Volume/Volume.make
+++ b/src/Volume/Volume.make
@@ -52,6 +52,9 @@ OBJS += ../Crypto/Sha2.o
OBJS += ../Crypto/Twofish.o
OBJS += ../Crypto/Whirlpool.o
OBJS += ../Crypto/Camellia.o
+OBJS += ../Crypto/GostCipher.o
+OBJS += ../Crypto/Streebog.o
+OBJS += ../Crypto/kuznyechik.o
OBJS += ../Common/Crc.o
OBJS += ../Common/Endian.o
diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp
index 623d2b8..69981a0 100644
--- a/src/Volume/VolumeLayout.cpp
+++ b/src/Volume/VolumeLayout.cpp
@@ -100,6 +100,8 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
+ SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
+ SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
@@ -139,6 +141,8 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
+ SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
+ SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
@@ -185,6 +189,8 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
+ SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
+ SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
@@ -210,6 +216,12 @@ namespace VeraCrypt
if (!truecryptMode)
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160_1000 (truecryptMode)));
+ if (!truecryptMode)
+ {
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false)));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false)));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
+ }
return l;
}
}